CVE-2015-6259

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

Weaknesses (CWE)

CWE-20

Affected Products (11)

cisco · integrated_management_controller_supervisorvulnerable

cisco · unified_computing_system_directorvulnerable

cisco · unified_computing_system_director

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

Vendor Advisory

http://www.securitytracker.com/id/1033451

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

Vendor Advisory

http://www.securitytracker.com/id/1033451

Third Party AdvisoryVDB Entry